Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands
The Ukrainian CERT has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files.
To do that, the attackers are leveraging a specific version of the Somnia ransomware that, "According to the attackers' theoretical plan, does not provide for the possibility of data decryption."
The Ukrainian cyber experts believe that the attack was effected by Russian hacktivists that go by FRwL, with help from an initial access broker.
The team does not specify at which point the hacktivists took the attack over from the IAB, but says that, "Having gained remote access to the organization's computer network using a VPN, the attackers conducted reconnaissance, launched the Cobalt Strike Beacon program, and also exfiltrated data, as evidenced by the use of the Rclone program."
"FRwL, whose activity is monitored by CERT-UA under the identifier UAC-0118, took responsibility for the unauthorized intervention in the operation of automated systems and electronic computing machines of the target of the attack," the Ukrainians say.
FRwL have been launching similar attacks against Ukrainian targets since the spring of 2022, but this time the ransomware used is different, as it uses a different algorithm to encrypt files with a variety of extensions.
News URL
https://www.helpnetsecurity.com/2022/11/14/somnia-ransomware-ukrainian/